Data Privacy

1. An overview of data processing

General information

The following information will provide you with an easy to navigate overview of what happens to your personal information when you visit our website. Personal data comprises all data with which you can be personally identified. For detailed information on the various topics of data privacy please consult the further explanations of this privacy policy.

Data capturing on our website

Who is the responsible party for the collecting of data on this website (i.e. the “controller”)?

The data processing on this website is carried out by the website operator. You can find their contact details here in Chapter 2 or in the imprint of this website.

How do we collect your data?

Your data is collected on the one hand by actively sharing your data with us. This may, for example, be data that you enter in a contact form or send to us by e-mail.

Other data is automatically collected by the host’s IT systems when you visit our website. These are mainly technical data (e.g. internet browser, operating system or time of page access). The collection of this data takes place automatically as soon as you access our website.

Suitable tools may be used for the analysis of such accesses, for which we obtain your consent before they are activated.

What do we use your data for?

A portion of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user patterns. Data sent to us will be used to process your request.

What rights do you have regarding your data?

You have the right to obtain free of charge information about the origin, recipients and purpose of your stored personal data at any time. You have the right to request the correction, blocking or deletion of this data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. In addition, you have the right, in certain circumstances, to request the restriction of the processing of your personal data.

For details on the rights of data subjects concerned, see Chapter 2. You can contact us at any time at the address of the responsible body or contact the Data Protection Officer referred to in Chapter 3.

Analysis tools and tolls provided by third parties

There is a possibility that your surfing behavior can be statistically evaluated when you visit our website. You may object to this analysis.

Various tools that make additional information available to the website, contribute to the design of the website or prevent the misuse of our website’s functions are mostly provided by third parties, whereby consent is obtained if the data might be intensely used by a third party.

Detailed information can be found in chapters 4, 5 and 8 of this privacy policy. In particular, we will inform you about the options for objection.

2. General information and mandatory information

Data privacy

As the operator of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations (in particular the European General Data Protection Regulation) as well as in accordance with this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission on the Internet (e.g. when communicating via e-mail) may have security gaps. It is not possible to completely protect data against third party access.

Information about the responsible party (in the GDPR referred to as the "controller")

The controller responsible for data processing on this website is:

BioVariance GmbH

Konnersreuther Str. 6g

95652 Waldsassen

Telephone: +49 9632/9248325

Email: info@oncovariant.com

The controller is the natural person or legal entity that alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Revocation of your consent to data processing

A wide range of data processing operations are only possible with your express consent. You can revoke your given consent in accordance with Art. 7 para. 3 GDPR with effect for the future at any time. An informal message by e-mail to us is sufficient. The legality of the data processing carried out prior to your revocation remains unaffected by the revocation.

Right to object to data collection in special cases as well as to direct advertising (Art. 21 DS-GVO)

If the data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which data processing is based can be found in this privacy policy. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21 para. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of infringements of the GDPR, any data subject is entitled to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of alleged infringement, in accordance with Art. 77 GDPR. The right to appeal shall be without prejudice to other administrative or judicial remedies.

The competent supervisory authority in Bavaria is the Bavarian State Office for Data Protection Supervision, Promenade 18, D-91522 Ansbach, Germany

Right to data portability

You have the right to demand that we hand over any data that we automatically process on the basis of your consent or in the performance of a contract, in accordance with Art. 20 GDPR, to yourself or to a third party in a common, machine-readable format. If you require the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

Information, completion and correction of data

Within the scope of the applicable statutory provisions, Art. 15 GDPR, you have the right at any time to obtain free information about your stored personal data, their source and recipients and the purpose of the data processing. In accordance with Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.

Right to restriction of processing, blocking and deletion of data

You have the right to request relevant data to be deleted immediately in accordance with Art. 17 GDPR or alternatively to request a restriction or blocking of the processing of your personal data in accordance with Art. 18 GDPR.

A deletion must be carried out if one of the following reasons applies and processing is not necessary:

  • The personal data has been collected for such purposes or otherwise processed for which it is no longer necessary.
  • The data subject revokes his or her consent, on which the processing is based in accordance with Article 6 para. 1 lit. a GDPR or Article 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 para. 2 GDPR
  • Personal data have been processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which the controller is subject.
  • The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this claim. For the duration of the examination, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data has happened or happens unlawfully, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have filed an objection pursuant to Art. 21 para. 1 GDPR, a balance must be made between your interests and our interests. As long as it is not yet known whose interests outweigh, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – with the exception of their archiving – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of an important public interest of the European Union or of a member state.

The right to rectification and deletion can only be fulfilled in accordance with your request if this does not conflict with a legal obligation to retain data (e.g. commercial requirements).

SSL and/or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon in your browser line.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties. We recommend that you keep your Internet browser up-to-date, so that the secure transport of your data via insecure networks is guaranteed.

Automated decision-making

As a responsible company, we waive automated decision-making or any profiling.

3. Data protection officer

Designation of a data protection officer as mandated by law

We have appointed a data protection officer for our company.

Schmid Datensicherheit GmbH

Heidestraße 4

D-92637 Weiden / Opf.

Telefon: +49 (0)961 4 71 29 41

If you only want to contact the data protection officer of BioVariance GmbH for questions concerning data protection by e-mail, please send your inquiry to: dsb.biovariance@schmid-datensicherheit.de.

If you would like to contact BioVariance GmbH directly about privacy issues by e-mail, please send your request to: datenschutz@biovariance.com.

4. Data capture on our website

Cookies

Our website and its pages partly use so-called cookies. Cookies do not cause damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies we use are so-called “session cookies”. They will be automatically deleted after you leave our website. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our website.

You can adjust the settings of your browser so that you are informed about the setting of cookies and only allow cookies in specific cases, exclude the acceptance of cookies in certain cases or generally, and activate the automatic deletion of cookies when closing your browser. When disabling cookies, the functionality of this website may be limited.

The cookie settings can be administrated independently for most browsers. On the Internet there are suitable instructions for the respective browsers. Most browsers also offer a so-called “do-not-track” function. If this feature is enabled, the respective browser sends an identifier to advertising networks, websites and applications that you do not want to track with respect to behavior-based advertising and the like. On the Internet, you will receive appropriate information and instructions on how to edit this function.

Cookies, which are necessary to carry out the electronic communication process or to provide certain functions you want to use (e.g. shopping cart function), are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies to ensure the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your browsing behaviour) are stored, these are treated separately in this data privacy declaration.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server request
  • The IP address

This data is not merged with other data sources.

The collection of this data takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose the storage of the server log files, which will be deleted after a few days, is necessary.

Usage of Google reCaptcha

To protect our services offered through this website, we use Google reCaptcha. In the version of this Google function used by us, a behavior-based analysis of the usage of the website is carried out, scanning whether a person or a computer makes a specific input in our contact or newsletter form. In order to perform the analysis of whether you are a person or a computer, Google collects various data about your use of our website and uses information from the browser you use. Google checks the following data: IP address of the device used, the URL of the specific page that you visit from our website and on which the captcha is embedded, the date and duration of the visit, the identification data of the browser and operating system type used, the ID of your Google account if you are logged in at Google, mouse movements on the reCaptcha fields as well as tasks where you need to identify images, for example.

This serves the identification and suppression of automated entries into the input fields on our website by means of a so-called “robot”. Abusive inputs are thus prevented in order to inhibit the transmission of spam and fraudulent content to us as the operator of the website. The legal basis for the described data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in this data processing to ensure the security of our website and to protect us from automated inputs (attacks). Further information on Google reCaptcha’s privacy policy is available on https://policies.google.com/privacy?hl=en.

5. Analysis tools and advertising

Website analytics

This website does not currently use web analytics services.

6. Social Media Channels

Facebook

Parallel to this website, we maintain an online presence on the social network Facebook. Data generated when visiting this presence may be processed and used outside the EU area. Information on the processing of your data at Facebook can be obtained directly from the provider

Data policy: https://de-de.facebook.com/policy.php, address: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Twitter

Parallel to this website, we maintain an online presence on the social network Twitter. Data generated when visiting this presence may be processed and used outside the EU area. Information on the processing of your data at Twitter can be obtained directly from the provider:

Data policy: https://twitter.com/de/privacy, address: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland.

Xing

Parallel to this website, we maintain an online presence on the social network Xing. Data generated when visiting this presence may be processed and used outside the EU area. Information on the processing of your data at Xing can be obtained directly from the provider:

Data policy: https://privacy.xing.com/de/datenschutzerklaerung/, address: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

LinkedIn

Parallel to this website, we maintain an online presence on the social network LinkedIn. Data generated when visiting this presence may be processed and used outside the EU area. Information on the processing of your data at LinkedIn can be obtained directly from the provider:

Data policy: https://www.linkedin.com/legal/privacy-policy, address: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.

7. Newsletter

CleverReach

We use the services of CleverReach to send newsletters. The provider is the CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. With this service, we can organise and analyse the sending of newsletters. Your data entered for the purpose of receiving our newsletter, such as your e-mail address, will be stored on CleverReach’s servers. Server locations are Germany and Ireland.

The newsletter sending with CleverReach allows us to analyse the performance of our newsletter campaigns and the behaviour of the newsletter recipients. The analysis shows, among other things, how many recipients have opened their newsletter and with what frequency links were clicked in the newsletter. CleverReach supports “conversion tracking” to analyse whether a previously defined action, such as a product purchase, has taken place after clicking on a link. If you open such an email sent via the CleverReach tool, a file integrated into the e-mail (a so-called web beacon) triggers access to CleverReach’s servers in Germany or Ireland. At this time, further technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. Its sole purpose is to carry out statistical analyses. The results of such analyses can be used to better tailor future newsletters to the interests of their recipients. For details on data analysis by CleverReach, see: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). A withdrawal of your already given consent is possible at any time. An informal message by e-mail is sufficient for the revocation or you register via the “unsubscribe” link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For unsubscribe, simply send us an informal message by e-mail or you can unsubscribe via the “unsubscribe” link in the newsletter.

Data entered to set up the subscription will be deleted in case of unsubscribe from our servers and CleverReach servers. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

We use the Google service reCaptcha to determine whether a person or a computer makes a specific input in our newsletter form. This service is explained in Chapter 4 of this privacy policy.

For details on CleverReach’s privacy policy, see: https://www.cleverreach.com/de/datenschutz/.

Processing on behalf of a controller

We have executed a so-called “Data Processing Agreement” with CleverReach in which we oblige CleverReach to protect our customers’ data and not to disclose them to third parties. This contract can be viewed at the following link: https://cloud-files.crsend.com/docs/Vereinbarung_Auftragsverarbeitung_Muster.pdf.

8. Plug-ins and Tools

YouTube

Our website uses plug-ins of the YouTube platform, which is operated by Google. The website operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We use YouTube in an extended data protection mode. According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. So, YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on our website, a connection to YouTube’s servers will be established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud. These cookies remain on your device until you delete them.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

The use of YouTube is based on our interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on how YouTube handles data privacy can be found in their privacy policy at: https://youtube.com/t/privacy_at_youtube.

Google Web Fonts

This website uses so-called web fonts for the uniform representation of fonts, which are provided by Google. When accessing a page on our website, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, a default font installed on your computer will be used.

For the purpose of the font download, the browser you use must establish a connection to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is based on our interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/or https://policies.google.com/privacy?hl=en.

Other scripts to improve the view

In order to achieve uniform functionality of our website and to improve the presentation and management of our online content, various scripts are used that are integrated via third-party providers. These script calls may result in the collection of the IP address and possibly other data from parameter sets of the browser. BioVariance GmbH does not seek any benefit of this data and has no influence on the processing of data by the script providers. The previous knowledge of the use of these scripts has shown no unlawful use of the data. Two providers of these scripts are UNPKG https://unpkg.com/ and jQuery https://jquery.com, which come from the open source software community and are managed on GitHub. This makes it possible to validate the data processing. Another script comes from Cloudflare, Inc., whose privacy policy can be viewed under https://www.cloudflare.com/privacypolicy/. Another script was written by BootstrapCDN, which is managed by StackPath, LLC. The privacy policy for BootstrapCDN can be viewd via https://www.bootstrapcdn.com/privacy-policy/.

The use of these scripts is based on a legitimate interest of the website operator in accordance with Art. 6 para. 1 lit. f GDPR to optimise the presentation of the website and to present the content as attractively as possible.

9. Entries in contacting fields and contacting by e-mail

Entering data in the contact fields

You can contact us via the contact area on our website and send us a request or a message. The transmission of the text data that you have written into the input fields is encrypted exclusively. When you press the Submit button, the data will be transmitted to us and stored. These data are: name of your organisation, your name, your e-mail address and message to us. At the time of sending the message, the date and time are also stored.

We use the Google service reCaptcha to determine whether a person or a computer makes inputs into our contact fields. This service is explained in Chapter 4 of this privacy policy. The data used by Google reCaptcha to check data input will only be forwarded to Google after confirmation of consent. The required consent is obtained automatically by pressing the Submit button.

The data will not be passed on to third parties. The data is processed exclusively within the scope of the designated purpose limitation – for the transmission of inquiries or messages. The legal basis for the processing of the data that you transmit to us is the execution of pre-contractual measures or a contract pursuant to Art. 6 para. 1 lit. b GDPR or your consent given to us pursuant to Art. 6 para. 1 lit. a GDPR.

Your personal data will be deleted as soon as it is no longer necessary for the purpose of its collection. Further processing will only take place if the data is necessary for an assignment and intended use of our offers or for the fulfilment of a contract.

Contact by e-mail

If you send us an e-mail request, your information from your e-mail, including the contact details provided by you, will be stored on our systems for processing this request and in case of follow-up questions. When sending an e-mail, we will automatically receive your e-mail address. All other information is voluntary. Incomplete or implausible information in an e-mail may result in it not being processed but discarded. In no case will we pass on the data transmitted to us to third parties, unless there is a corresponding consent from your side. The legal basis for the processing of your data is either an e-mail sent to us voluntarily pursuant to Art. 6 para. 1 lit. a GDPR or our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. In the case of pre-contractual measures or for the fulfilment of an existing contract, the legal basis is provided by Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the completion of the processing of your request, provided that no legal basis permits further storage or no legal retention obligations conflict with the deletion. In the event that the processing is based on Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

The processing of your data in the case of a telephone call is carried out analogously in accordance with the above processing of e-mails.

10. Changes to the privacy policy

We reserve the right to update or change our privacy policy at any time in compliance with the applicable data privacy regulations. A change to the data privacy notices may be necessary, in particular due to technical developments. Please therefore always note the current version of the privacy policy published here.